hci_event.c revision be77159c3f37e73a18ecc5c1eab3c67e07c6ce22
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved. 4 5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23*/ 24 25/* Bluetooth HCI event handling. */ 26 27#include <linux/module.h> 28 29#include <linux/types.h> 30#include <linux/errno.h> 31#include <linux/kernel.h> 32#include <linux/slab.h> 33#include <linux/poll.h> 34#include <linux/fcntl.h> 35#include <linux/init.h> 36#include <linux/skbuff.h> 37#include <linux/interrupt.h> 38#include <linux/notifier.h> 39#include <net/sock.h> 40 41#include <asm/system.h> 42#include <linux/uaccess.h> 43#include <asm/unaligned.h> 44 45#include <net/bluetooth/bluetooth.h> 46#include <net/bluetooth/hci_core.h> 47 48/* Handle HCI Event packets */ 49 50static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb) 51{ 52 __u8 status = *((__u8 *) skb->data); 53 54 BT_DBG("%s status 0x%x", hdev->name, status); 55 56 if (status) 57 return; 58 59 if (test_bit(HCI_MGMT, &hdev->flags) && 60 test_and_clear_bit(HCI_INQUIRY, &hdev->flags)) 61 mgmt_discovering(hdev->id, 0); 62 63 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status); 64 65 hci_conn_check_pending(hdev); 66} 67 68static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb) 69{ 70 __u8 status = *((__u8 *) skb->data); 71 72 BT_DBG("%s status 0x%x", hdev->name, status); 73 74 if (status) 75 return; 76 77 if (test_bit(HCI_MGMT, &hdev->flags) && 78 test_and_clear_bit(HCI_INQUIRY, &hdev->flags)) 79 mgmt_discovering(hdev->id, 0); 80 81 hci_conn_check_pending(hdev); 82} 83 84static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb) 85{ 86 BT_DBG("%s", hdev->name); 87} 88 89static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb) 90{ 91 struct hci_rp_role_discovery *rp = (void *) skb->data; 92 struct hci_conn *conn; 93 94 BT_DBG("%s status 0x%x", hdev->name, rp->status); 95 96 if (rp->status) 97 return; 98 99 hci_dev_lock(hdev); 100 101 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 102 if (conn) { 103 if (rp->role) 104 conn->link_mode &= ~HCI_LM_MASTER; 105 else 106 conn->link_mode |= HCI_LM_MASTER; 107 } 108 109 hci_dev_unlock(hdev); 110} 111 112static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 113{ 114 struct hci_rp_read_link_policy *rp = (void *) skb->data; 115 struct hci_conn *conn; 116 117 BT_DBG("%s status 0x%x", hdev->name, rp->status); 118 119 if (rp->status) 120 return; 121 122 hci_dev_lock(hdev); 123 124 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 125 if (conn) 126 conn->link_policy = __le16_to_cpu(rp->policy); 127 128 hci_dev_unlock(hdev); 129} 130 131static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 132{ 133 struct hci_rp_write_link_policy *rp = (void *) skb->data; 134 struct hci_conn *conn; 135 void *sent; 136 137 BT_DBG("%s status 0x%x", hdev->name, rp->status); 138 139 if (rp->status) 140 return; 141 142 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY); 143 if (!sent) 144 return; 145 146 hci_dev_lock(hdev); 147 148 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 149 if (conn) 150 conn->link_policy = get_unaligned_le16(sent + 2); 151 152 hci_dev_unlock(hdev); 153} 154 155static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 156{ 157 struct hci_rp_read_def_link_policy *rp = (void *) skb->data; 158 159 BT_DBG("%s status 0x%x", hdev->name, rp->status); 160 161 if (rp->status) 162 return; 163 164 hdev->link_policy = __le16_to_cpu(rp->policy); 165} 166 167static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 168{ 169 __u8 status = *((__u8 *) skb->data); 170 void *sent; 171 172 BT_DBG("%s status 0x%x", hdev->name, status); 173 174 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY); 175 if (!sent) 176 return; 177 178 if (!status) 179 hdev->link_policy = get_unaligned_le16(sent); 180 181 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status); 182} 183 184static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb) 185{ 186 __u8 status = *((__u8 *) skb->data); 187 188 BT_DBG("%s status 0x%x", hdev->name, status); 189 190 clear_bit(HCI_RESET, &hdev->flags); 191 192 hci_req_complete(hdev, HCI_OP_RESET, status); 193} 194 195static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb) 196{ 197 __u8 status = *((__u8 *) skb->data); 198 void *sent; 199 200 BT_DBG("%s status 0x%x", hdev->name, status); 201 202 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME); 203 if (!sent) 204 return; 205 206 if (test_bit(HCI_MGMT, &hdev->flags)) 207 mgmt_set_local_name_complete(hdev->id, sent, status); 208 209 if (status) 210 return; 211 212 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH); 213} 214 215static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb) 216{ 217 struct hci_rp_read_local_name *rp = (void *) skb->data; 218 219 BT_DBG("%s status 0x%x", hdev->name, rp->status); 220 221 if (rp->status) 222 return; 223 224 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH); 225} 226 227static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb) 228{ 229 __u8 status = *((__u8 *) skb->data); 230 void *sent; 231 232 BT_DBG("%s status 0x%x", hdev->name, status); 233 234 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE); 235 if (!sent) 236 return; 237 238 if (!status) { 239 __u8 param = *((__u8 *) sent); 240 241 if (param == AUTH_ENABLED) 242 set_bit(HCI_AUTH, &hdev->flags); 243 else 244 clear_bit(HCI_AUTH, &hdev->flags); 245 } 246 247 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status); 248} 249 250static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb) 251{ 252 __u8 status = *((__u8 *) skb->data); 253 void *sent; 254 255 BT_DBG("%s status 0x%x", hdev->name, status); 256 257 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE); 258 if (!sent) 259 return; 260 261 if (!status) { 262 __u8 param = *((__u8 *) sent); 263 264 if (param) 265 set_bit(HCI_ENCRYPT, &hdev->flags); 266 else 267 clear_bit(HCI_ENCRYPT, &hdev->flags); 268 } 269 270 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status); 271} 272 273static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb) 274{ 275 __u8 status = *((__u8 *) skb->data); 276 void *sent; 277 278 BT_DBG("%s status 0x%x", hdev->name, status); 279 280 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE); 281 if (!sent) 282 return; 283 284 if (!status) { 285 __u8 param = *((__u8 *) sent); 286 int old_pscan, old_iscan; 287 288 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags); 289 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags); 290 291 if (param & SCAN_INQUIRY) { 292 set_bit(HCI_ISCAN, &hdev->flags); 293 if (!old_iscan) 294 mgmt_discoverable(hdev->id, 1); 295 } else if (old_iscan) 296 mgmt_discoverable(hdev->id, 0); 297 298 if (param & SCAN_PAGE) { 299 set_bit(HCI_PSCAN, &hdev->flags); 300 if (!old_pscan) 301 mgmt_connectable(hdev->id, 1); 302 } else if (old_pscan) 303 mgmt_connectable(hdev->id, 0); 304 } 305 306 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status); 307} 308 309static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb) 310{ 311 struct hci_rp_read_class_of_dev *rp = (void *) skb->data; 312 313 BT_DBG("%s status 0x%x", hdev->name, rp->status); 314 315 if (rp->status) 316 return; 317 318 memcpy(hdev->dev_class, rp->dev_class, 3); 319 320 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name, 321 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]); 322} 323 324static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb) 325{ 326 __u8 status = *((__u8 *) skb->data); 327 void *sent; 328 329 BT_DBG("%s status 0x%x", hdev->name, status); 330 331 if (status) 332 return; 333 334 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV); 335 if (!sent) 336 return; 337 338 memcpy(hdev->dev_class, sent, 3); 339} 340 341static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb) 342{ 343 struct hci_rp_read_voice_setting *rp = (void *) skb->data; 344 __u16 setting; 345 346 BT_DBG("%s status 0x%x", hdev->name, rp->status); 347 348 if (rp->status) 349 return; 350 351 setting = __le16_to_cpu(rp->voice_setting); 352 353 if (hdev->voice_setting == setting) 354 return; 355 356 hdev->voice_setting = setting; 357 358 BT_DBG("%s voice setting 0x%04x", hdev->name, setting); 359 360 if (hdev->notify) { 361 tasklet_disable(&hdev->tx_task); 362 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 363 tasklet_enable(&hdev->tx_task); 364 } 365} 366 367static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb) 368{ 369 __u8 status = *((__u8 *) skb->data); 370 __u16 setting; 371 void *sent; 372 373 BT_DBG("%s status 0x%x", hdev->name, status); 374 375 if (status) 376 return; 377 378 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING); 379 if (!sent) 380 return; 381 382 setting = get_unaligned_le16(sent); 383 384 if (hdev->voice_setting == setting) 385 return; 386 387 hdev->voice_setting = setting; 388 389 BT_DBG("%s voice setting 0x%04x", hdev->name, setting); 390 391 if (hdev->notify) { 392 tasklet_disable(&hdev->tx_task); 393 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 394 tasklet_enable(&hdev->tx_task); 395 } 396} 397 398static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb) 399{ 400 __u8 status = *((__u8 *) skb->data); 401 402 BT_DBG("%s status 0x%x", hdev->name, status); 403 404 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status); 405} 406 407static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb) 408{ 409 struct hci_rp_read_ssp_mode *rp = (void *) skb->data; 410 411 BT_DBG("%s status 0x%x", hdev->name, rp->status); 412 413 if (rp->status) 414 return; 415 416 hdev->ssp_mode = rp->mode; 417} 418 419static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb) 420{ 421 __u8 status = *((__u8 *) skb->data); 422 void *sent; 423 424 BT_DBG("%s status 0x%x", hdev->name, status); 425 426 if (status) 427 return; 428 429 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE); 430 if (!sent) 431 return; 432 433 hdev->ssp_mode = *((__u8 *) sent); 434} 435 436static u8 hci_get_inquiry_mode(struct hci_dev *hdev) 437{ 438 if (hdev->features[6] & LMP_EXT_INQ) 439 return 2; 440 441 if (hdev->features[3] & LMP_RSSI_INQ) 442 return 1; 443 444 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 && 445 hdev->lmp_subver == 0x0757) 446 return 1; 447 448 if (hdev->manufacturer == 15) { 449 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963) 450 return 1; 451 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963) 452 return 1; 453 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965) 454 return 1; 455 } 456 457 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 && 458 hdev->lmp_subver == 0x1805) 459 return 1; 460 461 return 0; 462} 463 464static void hci_setup_inquiry_mode(struct hci_dev *hdev) 465{ 466 u8 mode; 467 468 mode = hci_get_inquiry_mode(hdev); 469 470 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode); 471} 472 473static void hci_setup_event_mask(struct hci_dev *hdev) 474{ 475 /* The second byte is 0xff instead of 0x9f (two reserved bits 476 * disabled) since a Broadcom 1.2 dongle doesn't respond to the 477 * command otherwise */ 478 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 }; 479 480 /* Events for 1.2 and newer controllers */ 481 if (hdev->lmp_ver > 1) { 482 events[4] |= 0x01; /* Flow Specification Complete */ 483 events[4] |= 0x02; /* Inquiry Result with RSSI */ 484 events[4] |= 0x04; /* Read Remote Extended Features Complete */ 485 events[5] |= 0x08; /* Synchronous Connection Complete */ 486 events[5] |= 0x10; /* Synchronous Connection Changed */ 487 } 488 489 if (hdev->features[3] & LMP_RSSI_INQ) 490 events[4] |= 0x04; /* Inquiry Result with RSSI */ 491 492 if (hdev->features[5] & LMP_SNIFF_SUBR) 493 events[5] |= 0x20; /* Sniff Subrating */ 494 495 if (hdev->features[5] & LMP_PAUSE_ENC) 496 events[5] |= 0x80; /* Encryption Key Refresh Complete */ 497 498 if (hdev->features[6] & LMP_EXT_INQ) 499 events[5] |= 0x40; /* Extended Inquiry Result */ 500 501 if (hdev->features[6] & LMP_NO_FLUSH) 502 events[7] |= 0x01; /* Enhanced Flush Complete */ 503 504 if (hdev->features[7] & LMP_LSTO) 505 events[6] |= 0x80; /* Link Supervision Timeout Changed */ 506 507 if (hdev->features[6] & LMP_SIMPLE_PAIR) { 508 events[6] |= 0x01; /* IO Capability Request */ 509 events[6] |= 0x02; /* IO Capability Response */ 510 events[6] |= 0x04; /* User Confirmation Request */ 511 events[6] |= 0x08; /* User Passkey Request */ 512 events[6] |= 0x10; /* Remote OOB Data Request */ 513 events[6] |= 0x20; /* Simple Pairing Complete */ 514 events[7] |= 0x04; /* User Passkey Notification */ 515 events[7] |= 0x08; /* Keypress Notification */ 516 events[7] |= 0x10; /* Remote Host Supported 517 * Features Notification */ 518 } 519 520 if (hdev->features[4] & LMP_LE) 521 events[7] |= 0x20; /* LE Meta-Event */ 522 523 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events); 524} 525 526static void hci_setup(struct hci_dev *hdev) 527{ 528 hci_setup_event_mask(hdev); 529 530 if (hdev->lmp_ver > 1) 531 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL); 532 533 if (hdev->features[6] & LMP_SIMPLE_PAIR) { 534 u8 mode = 0x01; 535 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode); 536 } 537 538 if (hdev->features[3] & LMP_RSSI_INQ) 539 hci_setup_inquiry_mode(hdev); 540 541 if (hdev->features[7] & LMP_INQ_TX_PWR) 542 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL); 543} 544 545static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb) 546{ 547 struct hci_rp_read_local_version *rp = (void *) skb->data; 548 549 BT_DBG("%s status 0x%x", hdev->name, rp->status); 550 551 if (rp->status) 552 return; 553 554 hdev->hci_ver = rp->hci_ver; 555 hdev->hci_rev = __le16_to_cpu(rp->hci_rev); 556 hdev->lmp_ver = rp->lmp_ver; 557 hdev->manufacturer = __le16_to_cpu(rp->manufacturer); 558 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver); 559 560 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name, 561 hdev->manufacturer, 562 hdev->hci_ver, hdev->hci_rev); 563 564 if (test_bit(HCI_INIT, &hdev->flags)) 565 hci_setup(hdev); 566} 567 568static void hci_setup_link_policy(struct hci_dev *hdev) 569{ 570 u16 link_policy = 0; 571 572 if (hdev->features[0] & LMP_RSWITCH) 573 link_policy |= HCI_LP_RSWITCH; 574 if (hdev->features[0] & LMP_HOLD) 575 link_policy |= HCI_LP_HOLD; 576 if (hdev->features[0] & LMP_SNIFF) 577 link_policy |= HCI_LP_SNIFF; 578 if (hdev->features[1] & LMP_PARK) 579 link_policy |= HCI_LP_PARK; 580 581 link_policy = cpu_to_le16(link_policy); 582 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 583 sizeof(link_policy), &link_policy); 584} 585 586static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb) 587{ 588 struct hci_rp_read_local_commands *rp = (void *) skb->data; 589 590 BT_DBG("%s status 0x%x", hdev->name, rp->status); 591 592 if (rp->status) 593 goto done; 594 595 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands)); 596 597 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10)) 598 hci_setup_link_policy(hdev); 599 600done: 601 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status); 602} 603 604static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb) 605{ 606 struct hci_rp_read_local_features *rp = (void *) skb->data; 607 608 BT_DBG("%s status 0x%x", hdev->name, rp->status); 609 610 if (rp->status) 611 return; 612 613 memcpy(hdev->features, rp->features, 8); 614 615 /* Adjust default settings according to features 616 * supported by device. */ 617 618 if (hdev->features[0] & LMP_3SLOT) 619 hdev->pkt_type |= (HCI_DM3 | HCI_DH3); 620 621 if (hdev->features[0] & LMP_5SLOT) 622 hdev->pkt_type |= (HCI_DM5 | HCI_DH5); 623 624 if (hdev->features[1] & LMP_HV2) { 625 hdev->pkt_type |= (HCI_HV2); 626 hdev->esco_type |= (ESCO_HV2); 627 } 628 629 if (hdev->features[1] & LMP_HV3) { 630 hdev->pkt_type |= (HCI_HV3); 631 hdev->esco_type |= (ESCO_HV3); 632 } 633 634 if (hdev->features[3] & LMP_ESCO) 635 hdev->esco_type |= (ESCO_EV3); 636 637 if (hdev->features[4] & LMP_EV4) 638 hdev->esco_type |= (ESCO_EV4); 639 640 if (hdev->features[4] & LMP_EV5) 641 hdev->esco_type |= (ESCO_EV5); 642 643 if (hdev->features[5] & LMP_EDR_ESCO_2M) 644 hdev->esco_type |= (ESCO_2EV3); 645 646 if (hdev->features[5] & LMP_EDR_ESCO_3M) 647 hdev->esco_type |= (ESCO_3EV3); 648 649 if (hdev->features[5] & LMP_EDR_3S_ESCO) 650 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5); 651 652 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name, 653 hdev->features[0], hdev->features[1], 654 hdev->features[2], hdev->features[3], 655 hdev->features[4], hdev->features[5], 656 hdev->features[6], hdev->features[7]); 657} 658 659static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb) 660{ 661 struct hci_rp_read_buffer_size *rp = (void *) skb->data; 662 663 BT_DBG("%s status 0x%x", hdev->name, rp->status); 664 665 if (rp->status) 666 return; 667 668 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu); 669 hdev->sco_mtu = rp->sco_mtu; 670 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt); 671 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt); 672 673 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) { 674 hdev->sco_mtu = 64; 675 hdev->sco_pkts = 8; 676 } 677 678 hdev->acl_cnt = hdev->acl_pkts; 679 hdev->sco_cnt = hdev->sco_pkts; 680 681 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, 682 hdev->acl_mtu, hdev->acl_pkts, 683 hdev->sco_mtu, hdev->sco_pkts); 684} 685 686static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb) 687{ 688 struct hci_rp_read_bd_addr *rp = (void *) skb->data; 689 690 BT_DBG("%s status 0x%x", hdev->name, rp->status); 691 692 if (!rp->status) 693 bacpy(&hdev->bdaddr, &rp->bdaddr); 694 695 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status); 696} 697 698static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb) 699{ 700 __u8 status = *((__u8 *) skb->data); 701 702 BT_DBG("%s status 0x%x", hdev->name, status); 703 704 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status); 705} 706 707static void hci_cc_delete_stored_link_key(struct hci_dev *hdev, 708 struct sk_buff *skb) 709{ 710 __u8 status = *((__u8 *) skb->data); 711 712 BT_DBG("%s status 0x%x", hdev->name, status); 713 714 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status); 715} 716 717static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb) 718{ 719 __u8 status = *((__u8 *) skb->data); 720 721 BT_DBG("%s status 0x%x", hdev->name, status); 722 723 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status); 724} 725 726static void hci_cc_write_inquiry_mode(struct hci_dev *hdev, 727 struct sk_buff *skb) 728{ 729 __u8 status = *((__u8 *) skb->data); 730 731 BT_DBG("%s status 0x%x", hdev->name, status); 732 733 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status); 734} 735 736static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev, 737 struct sk_buff *skb) 738{ 739 __u8 status = *((__u8 *) skb->data); 740 741 BT_DBG("%s status 0x%x", hdev->name, status); 742 743 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status); 744} 745 746static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb) 747{ 748 __u8 status = *((__u8 *) skb->data); 749 750 BT_DBG("%s status 0x%x", hdev->name, status); 751 752 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status); 753} 754 755static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb) 756{ 757 struct hci_rp_pin_code_reply *rp = (void *) skb->data; 758 struct hci_cp_pin_code_reply *cp; 759 struct hci_conn *conn; 760 761 BT_DBG("%s status 0x%x", hdev->name, rp->status); 762 763 if (test_bit(HCI_MGMT, &hdev->flags)) 764 mgmt_pin_code_reply_complete(hdev->id, &rp->bdaddr, rp->status); 765 766 if (rp->status != 0) 767 return; 768 769 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY); 770 if (!cp) 771 return; 772 773 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 774 if (conn) 775 conn->pin_length = cp->pin_len; 776} 777 778static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb) 779{ 780 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data; 781 782 BT_DBG("%s status 0x%x", hdev->name, rp->status); 783 784 if (test_bit(HCI_MGMT, &hdev->flags)) 785 mgmt_pin_code_neg_reply_complete(hdev->id, &rp->bdaddr, 786 rp->status); 787} 788static void hci_cc_le_read_buffer_size(struct hci_dev *hdev, 789 struct sk_buff *skb) 790{ 791 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data; 792 793 BT_DBG("%s status 0x%x", hdev->name, rp->status); 794 795 if (rp->status) 796 return; 797 798 hdev->le_mtu = __le16_to_cpu(rp->le_mtu); 799 hdev->le_pkts = rp->le_max_pkt; 800 801 hdev->le_cnt = hdev->le_pkts; 802 803 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts); 804 805 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status); 806} 807 808static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb) 809{ 810 struct hci_rp_user_confirm_reply *rp = (void *) skb->data; 811 812 BT_DBG("%s status 0x%x", hdev->name, rp->status); 813 814 if (test_bit(HCI_MGMT, &hdev->flags)) 815 mgmt_user_confirm_reply_complete(hdev->id, &rp->bdaddr, 816 rp->status); 817} 818 819static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev, 820 struct sk_buff *skb) 821{ 822 struct hci_rp_user_confirm_reply *rp = (void *) skb->data; 823 824 BT_DBG("%s status 0x%x", hdev->name, rp->status); 825 826 if (test_bit(HCI_MGMT, &hdev->flags)) 827 mgmt_user_confirm_neg_reply_complete(hdev->id, &rp->bdaddr, 828 rp->status); 829} 830 831static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev, 832 struct sk_buff *skb) 833{ 834 struct hci_rp_read_local_oob_data *rp = (void *) skb->data; 835 836 BT_DBG("%s status 0x%x", hdev->name, rp->status); 837 838 mgmt_read_local_oob_data_reply_complete(hdev->id, rp->hash, 839 rp->randomizer, rp->status); 840} 841 842static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) 843{ 844 BT_DBG("%s status 0x%x", hdev->name, status); 845 846 if (status) { 847 hci_req_complete(hdev, HCI_OP_INQUIRY, status); 848 hci_conn_check_pending(hdev); 849 return; 850 } 851 852 if (test_bit(HCI_MGMT, &hdev->flags) && 853 !test_and_set_bit(HCI_INQUIRY, 854 &hdev->flags)) 855 mgmt_discovering(hdev->id, 1); 856} 857 858static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status) 859{ 860 struct hci_cp_create_conn *cp; 861 struct hci_conn *conn; 862 863 BT_DBG("%s status 0x%x", hdev->name, status); 864 865 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN); 866 if (!cp) 867 return; 868 869 hci_dev_lock(hdev); 870 871 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 872 873 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn); 874 875 if (status) { 876 if (conn && conn->state == BT_CONNECT) { 877 if (status != 0x0c || conn->attempt > 2) { 878 conn->state = BT_CLOSED; 879 hci_proto_connect_cfm(conn, status); 880 hci_conn_del(conn); 881 } else 882 conn->state = BT_CONNECT2; 883 } 884 } else { 885 if (!conn) { 886 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr); 887 if (conn) { 888 conn->out = 1; 889 conn->link_mode |= HCI_LM_MASTER; 890 } else 891 BT_ERR("No memory for new connection"); 892 } 893 } 894 895 hci_dev_unlock(hdev); 896} 897 898static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status) 899{ 900 struct hci_cp_add_sco *cp; 901 struct hci_conn *acl, *sco; 902 __u16 handle; 903 904 BT_DBG("%s status 0x%x", hdev->name, status); 905 906 if (!status) 907 return; 908 909 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO); 910 if (!cp) 911 return; 912 913 handle = __le16_to_cpu(cp->handle); 914 915 BT_DBG("%s handle %d", hdev->name, handle); 916 917 hci_dev_lock(hdev); 918 919 acl = hci_conn_hash_lookup_handle(hdev, handle); 920 if (acl) { 921 sco = acl->link; 922 if (sco) { 923 sco->state = BT_CLOSED; 924 925 hci_proto_connect_cfm(sco, status); 926 hci_conn_del(sco); 927 } 928 } 929 930 hci_dev_unlock(hdev); 931} 932 933static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status) 934{ 935 struct hci_cp_auth_requested *cp; 936 struct hci_conn *conn; 937 938 BT_DBG("%s status 0x%x", hdev->name, status); 939 940 if (!status) 941 return; 942 943 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED); 944 if (!cp) 945 return; 946 947 hci_dev_lock(hdev); 948 949 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 950 if (conn) { 951 if (conn->state == BT_CONFIG) { 952 hci_proto_connect_cfm(conn, status); 953 hci_conn_put(conn); 954 } 955 } 956 957 hci_dev_unlock(hdev); 958} 959 960static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status) 961{ 962 struct hci_cp_set_conn_encrypt *cp; 963 struct hci_conn *conn; 964 965 BT_DBG("%s status 0x%x", hdev->name, status); 966 967 if (!status) 968 return; 969 970 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT); 971 if (!cp) 972 return; 973 974 hci_dev_lock(hdev); 975 976 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 977 if (conn) { 978 if (conn->state == BT_CONFIG) { 979 hci_proto_connect_cfm(conn, status); 980 hci_conn_put(conn); 981 } 982 } 983 984 hci_dev_unlock(hdev); 985} 986 987static int hci_outgoing_auth_needed(struct hci_dev *hdev, 988 struct hci_conn *conn) 989{ 990 if (conn->state != BT_CONFIG || !conn->out) 991 return 0; 992 993 if (conn->pending_sec_level == BT_SECURITY_SDP) 994 return 0; 995 996 /* Only request authentication for SSP connections or non-SSP 997 * devices with sec_level HIGH */ 998 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) && 999 conn->pending_sec_level != BT_SECURITY_HIGH) 1000 return 0; 1001 1002 return 1; 1003} 1004 1005static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status) 1006{ 1007 struct hci_cp_remote_name_req *cp; 1008 struct hci_conn *conn; 1009 1010 BT_DBG("%s status 0x%x", hdev->name, status); 1011 1012 /* If successful wait for the name req complete event before 1013 * checking for the need to do authentication */ 1014 if (!status) 1015 return; 1016 1017 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ); 1018 if (!cp) 1019 return; 1020 1021 hci_dev_lock(hdev); 1022 1023 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1024 if (!conn) 1025 goto unlock; 1026 1027 if (!hci_outgoing_auth_needed(hdev, conn)) 1028 goto unlock; 1029 1030 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 1031 struct hci_cp_auth_requested cp; 1032 cp.handle = __cpu_to_le16(conn->handle); 1033 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp); 1034 } 1035 1036unlock: 1037 hci_dev_unlock(hdev); 1038} 1039 1040static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status) 1041{ 1042 struct hci_cp_read_remote_features *cp; 1043 struct hci_conn *conn; 1044 1045 BT_DBG("%s status 0x%x", hdev->name, status); 1046 1047 if (!status) 1048 return; 1049 1050 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES); 1051 if (!cp) 1052 return; 1053 1054 hci_dev_lock(hdev); 1055 1056 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1057 if (conn) { 1058 if (conn->state == BT_CONFIG) { 1059 hci_proto_connect_cfm(conn, status); 1060 hci_conn_put(conn); 1061 } 1062 } 1063 1064 hci_dev_unlock(hdev); 1065} 1066 1067static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status) 1068{ 1069 struct hci_cp_read_remote_ext_features *cp; 1070 struct hci_conn *conn; 1071 1072 BT_DBG("%s status 0x%x", hdev->name, status); 1073 1074 if (!status) 1075 return; 1076 1077 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES); 1078 if (!cp) 1079 return; 1080 1081 hci_dev_lock(hdev); 1082 1083 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1084 if (conn) { 1085 if (conn->state == BT_CONFIG) { 1086 hci_proto_connect_cfm(conn, status); 1087 hci_conn_put(conn); 1088 } 1089 } 1090 1091 hci_dev_unlock(hdev); 1092} 1093 1094static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status) 1095{ 1096 struct hci_cp_setup_sync_conn *cp; 1097 struct hci_conn *acl, *sco; 1098 __u16 handle; 1099 1100 BT_DBG("%s status 0x%x", hdev->name, status); 1101 1102 if (!status) 1103 return; 1104 1105 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN); 1106 if (!cp) 1107 return; 1108 1109 handle = __le16_to_cpu(cp->handle); 1110 1111 BT_DBG("%s handle %d", hdev->name, handle); 1112 1113 hci_dev_lock(hdev); 1114 1115 acl = hci_conn_hash_lookup_handle(hdev, handle); 1116 if (acl) { 1117 sco = acl->link; 1118 if (sco) { 1119 sco->state = BT_CLOSED; 1120 1121 hci_proto_connect_cfm(sco, status); 1122 hci_conn_del(sco); 1123 } 1124 } 1125 1126 hci_dev_unlock(hdev); 1127} 1128 1129static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status) 1130{ 1131 struct hci_cp_sniff_mode *cp; 1132 struct hci_conn *conn; 1133 1134 BT_DBG("%s status 0x%x", hdev->name, status); 1135 1136 if (!status) 1137 return; 1138 1139 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE); 1140 if (!cp) 1141 return; 1142 1143 hci_dev_lock(hdev); 1144 1145 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1146 if (conn) { 1147 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend); 1148 1149 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend)) 1150 hci_sco_setup(conn, status); 1151 } 1152 1153 hci_dev_unlock(hdev); 1154} 1155 1156static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status) 1157{ 1158 struct hci_cp_exit_sniff_mode *cp; 1159 struct hci_conn *conn; 1160 1161 BT_DBG("%s status 0x%x", hdev->name, status); 1162 1163 if (!status) 1164 return; 1165 1166 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE); 1167 if (!cp) 1168 return; 1169 1170 hci_dev_lock(hdev); 1171 1172 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1173 if (conn) { 1174 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend); 1175 1176 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend)) 1177 hci_sco_setup(conn, status); 1178 } 1179 1180 hci_dev_unlock(hdev); 1181} 1182 1183static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status) 1184{ 1185 struct hci_cp_le_create_conn *cp; 1186 struct hci_conn *conn; 1187 1188 BT_DBG("%s status 0x%x", hdev->name, status); 1189 1190 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN); 1191 if (!cp) 1192 return; 1193 1194 hci_dev_lock(hdev); 1195 1196 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr); 1197 1198 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr), 1199 conn); 1200 1201 if (status) { 1202 if (conn && conn->state == BT_CONNECT) { 1203 conn->state = BT_CLOSED; 1204 hci_proto_connect_cfm(conn, status); 1205 hci_conn_del(conn); 1206 } 1207 } else { 1208 if (!conn) { 1209 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr); 1210 if (conn) 1211 conn->out = 1; 1212 else 1213 BT_ERR("No memory for new connection"); 1214 } 1215 } 1216 1217 hci_dev_unlock(hdev); 1218} 1219 1220static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1221{ 1222 __u8 status = *((__u8 *) skb->data); 1223 1224 BT_DBG("%s status %d", hdev->name, status); 1225 1226 if (test_bit(HCI_MGMT, &hdev->flags) && 1227 test_and_clear_bit(HCI_INQUIRY, &hdev->flags)) 1228 mgmt_discovering(hdev->id, 0); 1229 1230 hci_req_complete(hdev, HCI_OP_INQUIRY, status); 1231 1232 hci_conn_check_pending(hdev); 1233} 1234 1235static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb) 1236{ 1237 struct inquiry_data data; 1238 struct inquiry_info *info = (void *) (skb->data + 1); 1239 int num_rsp = *((__u8 *) skb->data); 1240 1241 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 1242 1243 if (!num_rsp) 1244 return; 1245 1246 hci_dev_lock(hdev); 1247 1248 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) { 1249 1250 if (test_bit(HCI_MGMT, &hdev->flags)) 1251 mgmt_discovering(hdev->id, 1); 1252 } 1253 1254 for (; num_rsp; num_rsp--, info++) { 1255 bacpy(&data.bdaddr, &info->bdaddr); 1256 data.pscan_rep_mode = info->pscan_rep_mode; 1257 data.pscan_period_mode = info->pscan_period_mode; 1258 data.pscan_mode = info->pscan_mode; 1259 memcpy(data.dev_class, info->dev_class, 3); 1260 data.clock_offset = info->clock_offset; 1261 data.rssi = 0x00; 1262 data.ssp_mode = 0x00; 1263 hci_inquiry_cache_update(hdev, &data); 1264 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class, 0, 1265 NULL); 1266 } 1267 1268 hci_dev_unlock(hdev); 1269} 1270 1271static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1272{ 1273 struct hci_ev_conn_complete *ev = (void *) skb->data; 1274 struct hci_conn *conn; 1275 1276 BT_DBG("%s", hdev->name); 1277 1278 hci_dev_lock(hdev); 1279 1280 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 1281 if (!conn) { 1282 if (ev->link_type != SCO_LINK) 1283 goto unlock; 1284 1285 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr); 1286 if (!conn) 1287 goto unlock; 1288 1289 conn->type = SCO_LINK; 1290 } 1291 1292 if (!ev->status) { 1293 conn->handle = __le16_to_cpu(ev->handle); 1294 1295 if (conn->type == ACL_LINK) { 1296 conn->state = BT_CONFIG; 1297 hci_conn_hold(conn); 1298 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 1299 mgmt_connected(hdev->id, &ev->bdaddr); 1300 } else 1301 conn->state = BT_CONNECTED; 1302 1303 hci_conn_hold_device(conn); 1304 hci_conn_add_sysfs(conn); 1305 1306 if (test_bit(HCI_AUTH, &hdev->flags)) 1307 conn->link_mode |= HCI_LM_AUTH; 1308 1309 if (test_bit(HCI_ENCRYPT, &hdev->flags)) 1310 conn->link_mode |= HCI_LM_ENCRYPT; 1311 1312 /* Get remote features */ 1313 if (conn->type == ACL_LINK) { 1314 struct hci_cp_read_remote_features cp; 1315 cp.handle = ev->handle; 1316 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES, 1317 sizeof(cp), &cp); 1318 } 1319 1320 /* Set packet type for incoming connection */ 1321 if (!conn->out && hdev->hci_ver < 3) { 1322 struct hci_cp_change_conn_ptype cp; 1323 cp.handle = ev->handle; 1324 cp.pkt_type = cpu_to_le16(conn->pkt_type); 1325 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, 1326 sizeof(cp), &cp); 1327 } 1328 } else { 1329 conn->state = BT_CLOSED; 1330 if (conn->type == ACL_LINK) 1331 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status); 1332 } 1333 1334 if (conn->type == ACL_LINK) 1335 hci_sco_setup(conn, ev->status); 1336 1337 if (ev->status) { 1338 hci_proto_connect_cfm(conn, ev->status); 1339 hci_conn_del(conn); 1340 } else if (ev->link_type != ACL_LINK) 1341 hci_proto_connect_cfm(conn, ev->status); 1342 1343unlock: 1344 hci_dev_unlock(hdev); 1345 1346 hci_conn_check_pending(hdev); 1347} 1348 1349static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 1350{ 1351 struct hci_ev_conn_request *ev = (void *) skb->data; 1352 int mask = hdev->link_mode; 1353 1354 BT_DBG("%s bdaddr %s type 0x%x", hdev->name, 1355 batostr(&ev->bdaddr), ev->link_type); 1356 1357 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type); 1358 1359 if ((mask & HCI_LM_ACCEPT) && 1360 !hci_blacklist_lookup(hdev, &ev->bdaddr)) { 1361 /* Connection accepted */ 1362 struct inquiry_entry *ie; 1363 struct hci_conn *conn; 1364 1365 hci_dev_lock(hdev); 1366 1367 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); 1368 if (ie) 1369 memcpy(ie->data.dev_class, ev->dev_class, 3); 1370 1371 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 1372 if (!conn) { 1373 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr); 1374 if (!conn) { 1375 BT_ERR("No memory for new connection"); 1376 hci_dev_unlock(hdev); 1377 return; 1378 } 1379 } 1380 1381 memcpy(conn->dev_class, ev->dev_class, 3); 1382 conn->state = BT_CONNECT; 1383 1384 hci_dev_unlock(hdev); 1385 1386 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) { 1387 struct hci_cp_accept_conn_req cp; 1388 1389 bacpy(&cp.bdaddr, &ev->bdaddr); 1390 1391 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER)) 1392 cp.role = 0x00; /* Become master */ 1393 else 1394 cp.role = 0x01; /* Remain slave */ 1395 1396 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, 1397 sizeof(cp), &cp); 1398 } else { 1399 struct hci_cp_accept_sync_conn_req cp; 1400 1401 bacpy(&cp.bdaddr, &ev->bdaddr); 1402 cp.pkt_type = cpu_to_le16(conn->pkt_type); 1403 1404 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 1405 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 1406 cp.max_latency = cpu_to_le16(0xffff); 1407 cp.content_format = cpu_to_le16(hdev->voice_setting); 1408 cp.retrans_effort = 0xff; 1409 1410 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 1411 sizeof(cp), &cp); 1412 } 1413 } else { 1414 /* Connection rejected */ 1415 struct hci_cp_reject_conn_req cp; 1416 1417 bacpy(&cp.bdaddr, &ev->bdaddr); 1418 cp.reason = 0x0f; 1419 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp); 1420 } 1421} 1422 1423static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1424{ 1425 struct hci_ev_disconn_complete *ev = (void *) skb->data; 1426 struct hci_conn *conn; 1427 1428 BT_DBG("%s status %d", hdev->name, ev->status); 1429 1430 if (ev->status) { 1431 mgmt_disconnect_failed(hdev->id); 1432 return; 1433 } 1434 1435 hci_dev_lock(hdev); 1436 1437 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1438 if (!conn) 1439 goto unlock; 1440 1441 conn->state = BT_CLOSED; 1442 1443 if (conn->type == ACL_LINK) 1444 mgmt_disconnected(hdev->id, &conn->dst); 1445 1446 hci_proto_disconn_cfm(conn, ev->reason); 1447 hci_conn_del(conn); 1448 1449unlock: 1450 hci_dev_unlock(hdev); 1451} 1452 1453static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1454{ 1455 struct hci_ev_auth_complete *ev = (void *) skb->data; 1456 struct hci_conn *conn; 1457 1458 BT_DBG("%s status %d", hdev->name, ev->status); 1459 1460 hci_dev_lock(hdev); 1461 1462 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1463 if (conn) { 1464 if (!ev->status) { 1465 conn->link_mode |= HCI_LM_AUTH; 1466 conn->sec_level = conn->pending_sec_level; 1467 } else { 1468 mgmt_auth_failed(hdev->id, &conn->dst, ev->status); 1469 } 1470 1471 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); 1472 1473 if (conn->state == BT_CONFIG) { 1474 if (!ev->status && hdev->ssp_mode > 0 && 1475 conn->ssp_mode > 0) { 1476 struct hci_cp_set_conn_encrypt cp; 1477 cp.handle = ev->handle; 1478 cp.encrypt = 0x01; 1479 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, 1480 sizeof(cp), &cp); 1481 } else { 1482 conn->state = BT_CONNECTED; 1483 hci_proto_connect_cfm(conn, ev->status); 1484 hci_conn_put(conn); 1485 } 1486 } else { 1487 hci_auth_cfm(conn, ev->status); 1488 1489 hci_conn_hold(conn); 1490 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 1491 hci_conn_put(conn); 1492 } 1493 1494 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) { 1495 if (!ev->status) { 1496 struct hci_cp_set_conn_encrypt cp; 1497 cp.handle = ev->handle; 1498 cp.encrypt = 0x01; 1499 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, 1500 sizeof(cp), &cp); 1501 } else { 1502 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend); 1503 hci_encrypt_cfm(conn, ev->status, 0x00); 1504 } 1505 } 1506 } 1507 1508 hci_dev_unlock(hdev); 1509} 1510 1511static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb) 1512{ 1513 struct hci_ev_remote_name *ev = (void *) skb->data; 1514 struct hci_conn *conn; 1515 1516 BT_DBG("%s", hdev->name); 1517 1518 hci_conn_check_pending(hdev); 1519 1520 hci_dev_lock(hdev); 1521 1522 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags)) 1523 mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name); 1524 1525 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1526 if (!conn) 1527 goto unlock; 1528 1529 if (!hci_outgoing_auth_needed(hdev, conn)) 1530 goto unlock; 1531 1532 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 1533 struct hci_cp_auth_requested cp; 1534 cp.handle = __cpu_to_le16(conn->handle); 1535 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp); 1536 } 1537 1538unlock: 1539 hci_dev_unlock(hdev); 1540} 1541 1542static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1543{ 1544 struct hci_ev_encrypt_change *ev = (void *) skb->data; 1545 struct hci_conn *conn; 1546 1547 BT_DBG("%s status %d", hdev->name, ev->status); 1548 1549 hci_dev_lock(hdev); 1550 1551 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1552 if (conn) { 1553 if (!ev->status) { 1554 if (ev->encrypt) { 1555 /* Encryption implies authentication */ 1556 conn->link_mode |= HCI_LM_AUTH; 1557 conn->link_mode |= HCI_LM_ENCRYPT; 1558 } else 1559 conn->link_mode &= ~HCI_LM_ENCRYPT; 1560 } 1561 1562 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend); 1563 1564 if (conn->state == BT_CONFIG) { 1565 if (!ev->status) 1566 conn->state = BT_CONNECTED; 1567 1568 hci_proto_connect_cfm(conn, ev->status); 1569 hci_conn_put(conn); 1570 } else 1571 hci_encrypt_cfm(conn, ev->status, ev->encrypt); 1572 } 1573 1574 hci_dev_unlock(hdev); 1575} 1576 1577static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1578{ 1579 struct hci_ev_change_link_key_complete *ev = (void *) skb->data; 1580 struct hci_conn *conn; 1581 1582 BT_DBG("%s status %d", hdev->name, ev->status); 1583 1584 hci_dev_lock(hdev); 1585 1586 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1587 if (conn) { 1588 if (!ev->status) 1589 conn->link_mode |= HCI_LM_SECURE; 1590 1591 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); 1592 1593 hci_key_change_cfm(conn, ev->status); 1594 } 1595 1596 hci_dev_unlock(hdev); 1597} 1598 1599static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb) 1600{ 1601 struct hci_ev_remote_features *ev = (void *) skb->data; 1602 struct hci_conn *conn; 1603 1604 BT_DBG("%s status %d", hdev->name, ev->status); 1605 1606 hci_dev_lock(hdev); 1607 1608 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1609 if (!conn) 1610 goto unlock; 1611 1612 if (!ev->status) 1613 memcpy(conn->features, ev->features, 8); 1614 1615 if (conn->state != BT_CONFIG) 1616 goto unlock; 1617 1618 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) { 1619 struct hci_cp_read_remote_ext_features cp; 1620 cp.handle = ev->handle; 1621 cp.page = 0x01; 1622 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES, 1623 sizeof(cp), &cp); 1624 goto unlock; 1625 } 1626 1627 if (!ev->status) { 1628 struct hci_cp_remote_name_req cp; 1629 memset(&cp, 0, sizeof(cp)); 1630 bacpy(&cp.bdaddr, &conn->dst); 1631 cp.pscan_rep_mode = 0x02; 1632 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp); 1633 } 1634 1635 if (!hci_outgoing_auth_needed(hdev, conn)) { 1636 conn->state = BT_CONNECTED; 1637 hci_proto_connect_cfm(conn, ev->status); 1638 hci_conn_put(conn); 1639 } 1640 1641unlock: 1642 hci_dev_unlock(hdev); 1643} 1644 1645static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb) 1646{ 1647 BT_DBG("%s", hdev->name); 1648} 1649 1650static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1651{ 1652 BT_DBG("%s", hdev->name); 1653} 1654 1655static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1656{ 1657 struct hci_ev_cmd_complete *ev = (void *) skb->data; 1658 __u16 opcode; 1659 1660 skb_pull(skb, sizeof(*ev)); 1661 1662 opcode = __le16_to_cpu(ev->opcode); 1663 1664 switch (opcode) { 1665 case HCI_OP_INQUIRY_CANCEL: 1666 hci_cc_inquiry_cancel(hdev, skb); 1667 break; 1668 1669 case HCI_OP_EXIT_PERIODIC_INQ: 1670 hci_cc_exit_periodic_inq(hdev, skb); 1671 break; 1672 1673 case HCI_OP_REMOTE_NAME_REQ_CANCEL: 1674 hci_cc_remote_name_req_cancel(hdev, skb); 1675 break; 1676 1677 case HCI_OP_ROLE_DISCOVERY: 1678 hci_cc_role_discovery(hdev, skb); 1679 break; 1680 1681 case HCI_OP_READ_LINK_POLICY: 1682 hci_cc_read_link_policy(hdev, skb); 1683 break; 1684 1685 case HCI_OP_WRITE_LINK_POLICY: 1686 hci_cc_write_link_policy(hdev, skb); 1687 break; 1688 1689 case HCI_OP_READ_DEF_LINK_POLICY: 1690 hci_cc_read_def_link_policy(hdev, skb); 1691 break; 1692 1693 case HCI_OP_WRITE_DEF_LINK_POLICY: 1694 hci_cc_write_def_link_policy(hdev, skb); 1695 break; 1696 1697 case HCI_OP_RESET: 1698 hci_cc_reset(hdev, skb); 1699 break; 1700 1701 case HCI_OP_WRITE_LOCAL_NAME: 1702 hci_cc_write_local_name(hdev, skb); 1703 break; 1704 1705 case HCI_OP_READ_LOCAL_NAME: 1706 hci_cc_read_local_name(hdev, skb); 1707 break; 1708 1709 case HCI_OP_WRITE_AUTH_ENABLE: 1710 hci_cc_write_auth_enable(hdev, skb); 1711 break; 1712 1713 case HCI_OP_WRITE_ENCRYPT_MODE: 1714 hci_cc_write_encrypt_mode(hdev, skb); 1715 break; 1716 1717 case HCI_OP_WRITE_SCAN_ENABLE: 1718 hci_cc_write_scan_enable(hdev, skb); 1719 break; 1720 1721 case HCI_OP_READ_CLASS_OF_DEV: 1722 hci_cc_read_class_of_dev(hdev, skb); 1723 break; 1724 1725 case HCI_OP_WRITE_CLASS_OF_DEV: 1726 hci_cc_write_class_of_dev(hdev, skb); 1727 break; 1728 1729 case HCI_OP_READ_VOICE_SETTING: 1730 hci_cc_read_voice_setting(hdev, skb); 1731 break; 1732 1733 case HCI_OP_WRITE_VOICE_SETTING: 1734 hci_cc_write_voice_setting(hdev, skb); 1735 break; 1736 1737 case HCI_OP_HOST_BUFFER_SIZE: 1738 hci_cc_host_buffer_size(hdev, skb); 1739 break; 1740 1741 case HCI_OP_READ_SSP_MODE: 1742 hci_cc_read_ssp_mode(hdev, skb); 1743 break; 1744 1745 case HCI_OP_WRITE_SSP_MODE: 1746 hci_cc_write_ssp_mode(hdev, skb); 1747 break; 1748 1749 case HCI_OP_READ_LOCAL_VERSION: 1750 hci_cc_read_local_version(hdev, skb); 1751 break; 1752 1753 case HCI_OP_READ_LOCAL_COMMANDS: 1754 hci_cc_read_local_commands(hdev, skb); 1755 break; 1756 1757 case HCI_OP_READ_LOCAL_FEATURES: 1758 hci_cc_read_local_features(hdev, skb); 1759 break; 1760 1761 case HCI_OP_READ_BUFFER_SIZE: 1762 hci_cc_read_buffer_size(hdev, skb); 1763 break; 1764 1765 case HCI_OP_READ_BD_ADDR: 1766 hci_cc_read_bd_addr(hdev, skb); 1767 break; 1768 1769 case HCI_OP_WRITE_CA_TIMEOUT: 1770 hci_cc_write_ca_timeout(hdev, skb); 1771 break; 1772 1773 case HCI_OP_DELETE_STORED_LINK_KEY: 1774 hci_cc_delete_stored_link_key(hdev, skb); 1775 break; 1776 1777 case HCI_OP_SET_EVENT_MASK: 1778 hci_cc_set_event_mask(hdev, skb); 1779 break; 1780 1781 case HCI_OP_WRITE_INQUIRY_MODE: 1782 hci_cc_write_inquiry_mode(hdev, skb); 1783 break; 1784 1785 case HCI_OP_READ_INQ_RSP_TX_POWER: 1786 hci_cc_read_inq_rsp_tx_power(hdev, skb); 1787 break; 1788 1789 case HCI_OP_SET_EVENT_FLT: 1790 hci_cc_set_event_flt(hdev, skb); 1791 break; 1792 1793 case HCI_OP_PIN_CODE_REPLY: 1794 hci_cc_pin_code_reply(hdev, skb); 1795 break; 1796 1797 case HCI_OP_PIN_CODE_NEG_REPLY: 1798 hci_cc_pin_code_neg_reply(hdev, skb); 1799 break; 1800 1801 case HCI_OP_READ_LOCAL_OOB_DATA: 1802 hci_cc_read_local_oob_data_reply(hdev, skb); 1803 break; 1804 1805 case HCI_OP_LE_READ_BUFFER_SIZE: 1806 hci_cc_le_read_buffer_size(hdev, skb); 1807 break; 1808 1809 case HCI_OP_USER_CONFIRM_REPLY: 1810 hci_cc_user_confirm_reply(hdev, skb); 1811 break; 1812 1813 case HCI_OP_USER_CONFIRM_NEG_REPLY: 1814 hci_cc_user_confirm_neg_reply(hdev, skb); 1815 break; 1816 1817 default: 1818 BT_DBG("%s opcode 0x%x", hdev->name, opcode); 1819 break; 1820 } 1821 1822 if (ev->opcode != HCI_OP_NOP) 1823 del_timer(&hdev->cmd_timer); 1824 1825 if (ev->ncmd) { 1826 atomic_set(&hdev->cmd_cnt, 1); 1827 if (!skb_queue_empty(&hdev->cmd_q)) 1828 tasklet_schedule(&hdev->cmd_task); 1829 } 1830} 1831 1832static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb) 1833{ 1834 struct hci_ev_cmd_status *ev = (void *) skb->data; 1835 __u16 opcode; 1836 1837 skb_pull(skb, sizeof(*ev)); 1838 1839 opcode = __le16_to_cpu(ev->opcode); 1840 1841 switch (opcode) { 1842 case HCI_OP_INQUIRY: 1843 hci_cs_inquiry(hdev, ev->status); 1844 break; 1845 1846 case HCI_OP_CREATE_CONN: 1847 hci_cs_create_conn(hdev, ev->status); 1848 break; 1849 1850 case HCI_OP_ADD_SCO: 1851 hci_cs_add_sco(hdev, ev->status); 1852 break; 1853 1854 case HCI_OP_AUTH_REQUESTED: 1855 hci_cs_auth_requested(hdev, ev->status); 1856 break; 1857 1858 case HCI_OP_SET_CONN_ENCRYPT: 1859 hci_cs_set_conn_encrypt(hdev, ev->status); 1860 break; 1861 1862 case HCI_OP_REMOTE_NAME_REQ: 1863 hci_cs_remote_name_req(hdev, ev->status); 1864 break; 1865 1866 case HCI_OP_READ_REMOTE_FEATURES: 1867 hci_cs_read_remote_features(hdev, ev->status); 1868 break; 1869 1870 case HCI_OP_READ_REMOTE_EXT_FEATURES: 1871 hci_cs_read_remote_ext_features(hdev, ev->status); 1872 break; 1873 1874 case HCI_OP_SETUP_SYNC_CONN: 1875 hci_cs_setup_sync_conn(hdev, ev->status); 1876 break; 1877 1878 case HCI_OP_SNIFF_MODE: 1879 hci_cs_sniff_mode(hdev, ev->status); 1880 break; 1881 1882 case HCI_OP_EXIT_SNIFF_MODE: 1883 hci_cs_exit_sniff_mode(hdev, ev->status); 1884 break; 1885 1886 case HCI_OP_DISCONNECT: 1887 if (ev->status != 0) 1888 mgmt_disconnect_failed(hdev->id); 1889 break; 1890 1891 case HCI_OP_LE_CREATE_CONN: 1892 hci_cs_le_create_conn(hdev, ev->status); 1893 break; 1894 1895 default: 1896 BT_DBG("%s opcode 0x%x", hdev->name, opcode); 1897 break; 1898 } 1899 1900 if (ev->opcode != HCI_OP_NOP) 1901 del_timer(&hdev->cmd_timer); 1902 1903 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) { 1904 atomic_set(&hdev->cmd_cnt, 1); 1905 if (!skb_queue_empty(&hdev->cmd_q)) 1906 tasklet_schedule(&hdev->cmd_task); 1907 } 1908} 1909 1910static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1911{ 1912 struct hci_ev_role_change *ev = (void *) skb->data; 1913 struct hci_conn *conn; 1914 1915 BT_DBG("%s status %d", hdev->name, ev->status); 1916 1917 hci_dev_lock(hdev); 1918 1919 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1920 if (conn) { 1921 if (!ev->status) { 1922 if (ev->role) 1923 conn->link_mode &= ~HCI_LM_MASTER; 1924 else 1925 conn->link_mode |= HCI_LM_MASTER; 1926 } 1927 1928 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend); 1929 1930 hci_role_switch_cfm(conn, ev->status, ev->role); 1931 } 1932 1933 hci_dev_unlock(hdev); 1934} 1935 1936static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb) 1937{ 1938 struct hci_ev_num_comp_pkts *ev = (void *) skb->data; 1939 __le16 *ptr; 1940 int i; 1941 1942 skb_pull(skb, sizeof(*ev)); 1943 1944 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl); 1945 1946 if (skb->len < ev->num_hndl * 4) { 1947 BT_DBG("%s bad parameters", hdev->name); 1948 return; 1949 } 1950 1951 tasklet_disable(&hdev->tx_task); 1952 1953 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) { 1954 struct hci_conn *conn; 1955 __u16 handle, count; 1956 1957 handle = get_unaligned_le16(ptr++); 1958 count = get_unaligned_le16(ptr++); 1959 1960 conn = hci_conn_hash_lookup_handle(hdev, handle); 1961 if (conn) { 1962 conn->sent -= count; 1963 1964 if (conn->type == ACL_LINK) { 1965 hdev->acl_cnt += count; 1966 if (hdev->acl_cnt > hdev->acl_pkts) 1967 hdev->acl_cnt = hdev->acl_pkts; 1968 } else if (conn->type == LE_LINK) { 1969 if (hdev->le_pkts) { 1970 hdev->le_cnt += count; 1971 if (hdev->le_cnt > hdev->le_pkts) 1972 hdev->le_cnt = hdev->le_pkts; 1973 } else { 1974 hdev->acl_cnt += count; 1975 if (hdev->acl_cnt > hdev->acl_pkts) 1976 hdev->acl_cnt = hdev->acl_pkts; 1977 } 1978 } else { 1979 hdev->sco_cnt += count; 1980 if (hdev->sco_cnt > hdev->sco_pkts) 1981 hdev->sco_cnt = hdev->sco_pkts; 1982 } 1983 } 1984 } 1985 1986 tasklet_schedule(&hdev->tx_task); 1987 1988 tasklet_enable(&hdev->tx_task); 1989} 1990 1991static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 1992{ 1993 struct hci_ev_mode_change *ev = (void *) skb->data; 1994 struct hci_conn *conn; 1995 1996 BT_DBG("%s status %d", hdev->name, ev->status); 1997 1998 hci_dev_lock(hdev); 1999 2000 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2001 if (conn) { 2002 conn->mode = ev->mode; 2003 conn->interval = __le16_to_cpu(ev->interval); 2004 2005 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 2006 if (conn->mode == HCI_CM_ACTIVE) 2007 conn->power_save = 1; 2008 else 2009 conn->power_save = 0; 2010 } 2011 2012 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend)) 2013 hci_sco_setup(conn, ev->status); 2014 } 2015 2016 hci_dev_unlock(hdev); 2017} 2018 2019static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 2020{ 2021 struct hci_ev_pin_code_req *ev = (void *) skb->data; 2022 struct hci_conn *conn; 2023 2024 BT_DBG("%s", hdev->name); 2025 2026 hci_dev_lock(hdev); 2027 2028 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2029 if (conn && conn->state == BT_CONNECTED) { 2030 hci_conn_hold(conn); 2031 conn->disc_timeout = HCI_PAIRING_TIMEOUT; 2032 hci_conn_put(conn); 2033 } 2034 2035 if (!test_bit(HCI_PAIRABLE, &hdev->flags)) 2036 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 2037 sizeof(ev->bdaddr), &ev->bdaddr); 2038 2039 if (test_bit(HCI_MGMT, &hdev->flags)) { 2040 u8 secure; 2041 2042 if (conn->pending_sec_level == BT_SECURITY_HIGH) 2043 secure = 1; 2044 else 2045 secure = 0; 2046 2047 mgmt_pin_code_request(hdev->id, &ev->bdaddr, secure); 2048 } 2049 2050 hci_dev_unlock(hdev); 2051} 2052 2053static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 2054{ 2055 struct hci_ev_link_key_req *ev = (void *) skb->data; 2056 struct hci_cp_link_key_reply cp; 2057 struct hci_conn *conn; 2058 struct link_key *key; 2059 2060 BT_DBG("%s", hdev->name); 2061 2062 if (!test_bit(HCI_LINK_KEYS, &hdev->flags)) 2063 return; 2064 2065 hci_dev_lock(hdev); 2066 2067 key = hci_find_link_key(hdev, &ev->bdaddr); 2068 if (!key) { 2069 BT_DBG("%s link key not found for %s", hdev->name, 2070 batostr(&ev->bdaddr)); 2071 goto not_found; 2072 } 2073 2074 BT_DBG("%s found key type %u for %s", hdev->name, key->type, 2075 batostr(&ev->bdaddr)); 2076 2077 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) && 2078 key->type == HCI_LK_DEBUG_COMBINATION) { 2079 BT_DBG("%s ignoring debug key", hdev->name); 2080 goto not_found; 2081 } 2082 2083 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2084 if (conn) { 2085 if (key->type == HCI_LK_UNAUTH_COMBINATION && 2086 conn->auth_type != 0xff && 2087 (conn->auth_type & 0x01)) { 2088 BT_DBG("%s ignoring unauthenticated key", hdev->name); 2089 goto not_found; 2090 } 2091 2092 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 && 2093 conn->pending_sec_level == BT_SECURITY_HIGH) { 2094 BT_DBG("%s ignoring key unauthenticated for high \ 2095 security", hdev->name); 2096 goto not_found; 2097 } 2098 2099 conn->key_type = key->type; 2100 conn->pin_length = key->pin_len; 2101 } 2102 2103 bacpy(&cp.bdaddr, &ev->bdaddr); 2104 memcpy(cp.link_key, key->val, 16); 2105 2106 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp); 2107 2108 hci_dev_unlock(hdev); 2109 2110 return; 2111 2112not_found: 2113 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr); 2114 hci_dev_unlock(hdev); 2115} 2116 2117static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb) 2118{ 2119 struct hci_ev_link_key_notify *ev = (void *) skb->data; 2120 struct hci_conn *conn; 2121 u8 pin_len = 0; 2122 2123 BT_DBG("%s", hdev->name); 2124 2125 hci_dev_lock(hdev); 2126 2127 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2128 if (conn) { 2129 hci_conn_hold(conn); 2130 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 2131 pin_len = conn->pin_length; 2132 2133 if (ev->key_type != HCI_LK_CHANGED_COMBINATION) 2134 conn->key_type = ev->key_type; 2135 2136 hci_conn_put(conn); 2137 } 2138 2139 if (test_bit(HCI_LINK_KEYS, &hdev->flags)) 2140 hci_add_link_key(hdev, 1, &ev->bdaddr, ev->link_key, 2141 ev->key_type, pin_len); 2142 2143 hci_dev_unlock(hdev); 2144} 2145 2146static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb) 2147{ 2148 struct hci_ev_clock_offset *ev = (void *) skb->data; 2149 struct hci_conn *conn; 2150 2151 BT_DBG("%s status %d", hdev->name, ev->status); 2152 2153 hci_dev_lock(hdev); 2154 2155 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2156 if (conn && !ev->status) { 2157 struct inquiry_entry *ie; 2158 2159 ie = hci_inquiry_cache_lookup(hdev, &conn->dst); 2160 if (ie) { 2161 ie->data.clock_offset = ev->clock_offset; 2162 ie->timestamp = jiffies; 2163 } 2164 } 2165 2166 hci_dev_unlock(hdev); 2167} 2168 2169static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 2170{ 2171 struct hci_ev_pkt_type_change *ev = (void *) skb->data; 2172 struct hci_conn *conn; 2173 2174 BT_DBG("%s status %d", hdev->name, ev->status); 2175 2176 hci_dev_lock(hdev); 2177 2178 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2179 if (conn && !ev->status) 2180 conn->pkt_type = __le16_to_cpu(ev->pkt_type); 2181 2182 hci_dev_unlock(hdev); 2183} 2184 2185static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb) 2186{ 2187 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data; 2188 struct inquiry_entry *ie; 2189 2190 BT_DBG("%s", hdev->name); 2191 2192 hci_dev_lock(hdev); 2193 2194 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); 2195 if (ie) { 2196 ie->data.pscan_rep_mode = ev->pscan_rep_mode; 2197 ie->timestamp = jiffies; 2198 } 2199 2200 hci_dev_unlock(hdev); 2201} 2202 2203static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb) 2204{ 2205 struct inquiry_data data; 2206 int num_rsp = *((__u8 *) skb->data); 2207 2208 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 2209 2210 if (!num_rsp) 2211 return; 2212 2213 hci_dev_lock(hdev); 2214 2215 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) { 2216 2217 if (test_bit(HCI_MGMT, &hdev->flags)) 2218 mgmt_discovering(hdev->id, 1); 2219 } 2220 2221 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) { 2222 struct inquiry_info_with_rssi_and_pscan_mode *info; 2223 info = (void *) (skb->data + 1); 2224 2225 for (; num_rsp; num_rsp--, info++) { 2226 bacpy(&data.bdaddr, &info->bdaddr); 2227 data.pscan_rep_mode = info->pscan_rep_mode; 2228 data.pscan_period_mode = info->pscan_period_mode; 2229 data.pscan_mode = info->pscan_mode; 2230 memcpy(data.dev_class, info->dev_class, 3); 2231 data.clock_offset = info->clock_offset; 2232 data.rssi = info->rssi; 2233 data.ssp_mode = 0x00; 2234 hci_inquiry_cache_update(hdev, &data); 2235 mgmt_device_found(hdev->id, &info->bdaddr, 2236 info->dev_class, info->rssi, 2237 NULL); 2238 } 2239 } else { 2240 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1); 2241 2242 for (; num_rsp; num_rsp--, info++) { 2243 bacpy(&data.bdaddr, &info->bdaddr); 2244 data.pscan_rep_mode = info->pscan_rep_mode; 2245 data.pscan_period_mode = info->pscan_period_mode; 2246 data.pscan_mode = 0x00; 2247 memcpy(data.dev_class, info->dev_class, 3); 2248 data.clock_offset = info->clock_offset; 2249 data.rssi = info->rssi; 2250 data.ssp_mode = 0x00; 2251 hci_inquiry_cache_update(hdev, &data); 2252 mgmt_device_found(hdev->id, &info->bdaddr, 2253 info->dev_class, info->rssi, 2254 NULL); 2255 } 2256 } 2257 2258 hci_dev_unlock(hdev); 2259} 2260 2261static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb) 2262{ 2263 struct hci_ev_remote_ext_features *ev = (void *) skb->data; 2264 struct hci_conn *conn; 2265 2266 BT_DBG("%s", hdev->name); 2267 2268 hci_dev_lock(hdev); 2269 2270 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 2271 if (!conn) 2272 goto unlock; 2273 2274 if (!ev->status && ev->page == 0x01) { 2275 struct inquiry_entry *ie; 2276 2277 ie = hci_inquiry_cache_lookup(hdev, &conn->dst); 2278 if (ie) 2279 ie->data.ssp_mode = (ev->features[0] & 0x01); 2280 2281 conn->ssp_mode = (ev->features[0] & 0x01); 2282 } 2283 2284 if (conn->state != BT_CONFIG) 2285 goto unlock; 2286 2287 if (!ev->status) { 2288 struct hci_cp_remote_name_req cp; 2289 memset(&cp, 0, sizeof(cp)); 2290 bacpy(&cp.bdaddr, &conn->dst); 2291 cp.pscan_rep_mode = 0x02; 2292 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp); 2293 } 2294 2295 if (!hci_outgoing_auth_needed(hdev, conn)) { 2296 conn->state = BT_CONNECTED; 2297 hci_proto_connect_cfm(conn, ev->status); 2298 hci_conn_put(conn); 2299 } 2300 2301unlock: 2302 hci_dev_unlock(hdev); 2303} 2304 2305static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 2306{ 2307 struct hci_ev_sync_conn_complete *ev = (void *) skb->data; 2308 struct hci_conn *conn; 2309 2310 BT_DBG("%s status %d", hdev->name, ev->status); 2311 2312 hci_dev_lock(hdev); 2313 2314 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 2315 if (!conn) { 2316 if (ev->link_type == ESCO_LINK) 2317 goto unlock; 2318 2319 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr); 2320 if (!conn) 2321 goto unlock; 2322 2323 conn->type = SCO_LINK; 2324 } 2325 2326 switch (ev->status) { 2327 case 0x00: 2328 conn->handle = __le16_to_cpu(ev->handle); 2329 conn->state = BT_CONNECTED; 2330 2331 hci_conn_hold_device(conn); 2332 hci_conn_add_sysfs(conn); 2333 break; 2334 2335 case 0x11: /* Unsupported Feature or Parameter Value */ 2336 case 0x1c: /* SCO interval rejected */ 2337 case 0x1a: /* Unsupported Remote Feature */ 2338 case 0x1f: /* Unspecified error */ 2339 if (conn->out && conn->attempt < 2) { 2340 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | 2341 (hdev->esco_type & EDR_ESCO_MASK); 2342 hci_setup_sync(conn, conn->link->handle); 2343 goto unlock; 2344 } 2345 /* fall through */ 2346 2347 default: 2348 conn->state = BT_CLOSED; 2349 break; 2350 } 2351 2352 hci_proto_connect_cfm(conn, ev->status); 2353 if (ev->status) 2354 hci_conn_del(conn); 2355 2356unlock: 2357 hci_dev_unlock(hdev); 2358} 2359 2360static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb) 2361{ 2362 BT_DBG("%s", hdev->name); 2363} 2364 2365static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb) 2366{ 2367 struct hci_ev_sniff_subrate *ev = (void *) skb->data; 2368 2369 BT_DBG("%s status %d", hdev->name, ev->status); 2370} 2371 2372static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb) 2373{ 2374 struct inquiry_data data; 2375 struct extended_inquiry_info *info = (void *) (skb->data + 1); 2376 int num_rsp = *((__u8 *) skb->data); 2377 2378 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 2379 2380 if (!num_rsp) 2381 return; 2382 2383 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) { 2384 2385 if (test_bit(HCI_MGMT, &hdev->flags)) 2386 mgmt_discovering(hdev->id, 1); 2387 } 2388 2389 hci_dev_lock(hdev); 2390 2391 for (; num_rsp; num_rsp--, info++) { 2392 bacpy(&data.bdaddr, &info->bdaddr); 2393 data.pscan_rep_mode = info->pscan_rep_mode; 2394 data.pscan_period_mode = info->pscan_period_mode; 2395 data.pscan_mode = 0x00; 2396 memcpy(data.dev_class, info->dev_class, 3); 2397 data.clock_offset = info->clock_offset; 2398 data.rssi = info->rssi; 2399 data.ssp_mode = 0x01; 2400 hci_inquiry_cache_update(hdev, &data); 2401 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class, 2402 info->rssi, info->data); 2403 } 2404 2405 hci_dev_unlock(hdev); 2406} 2407 2408static inline u8 hci_get_auth_req(struct hci_conn *conn) 2409{ 2410 /* If remote requests dedicated bonding follow that lead */ 2411 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) { 2412 /* If both remote and local IO capabilities allow MITM 2413 * protection then require it, otherwise don't */ 2414 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03) 2415 return 0x02; 2416 else 2417 return 0x03; 2418 } 2419 2420 /* If remote requests no-bonding follow that lead */ 2421 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01) 2422 return conn->remote_auth | (conn->auth_type & 0x01); 2423 2424 return conn->auth_type; 2425} 2426 2427static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 2428{ 2429 struct hci_ev_io_capa_request *ev = (void *) skb->data; 2430 struct hci_conn *conn; 2431 2432 BT_DBG("%s", hdev->name); 2433 2434 hci_dev_lock(hdev); 2435 2436 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2437 if (!conn) 2438 goto unlock; 2439 2440 hci_conn_hold(conn); 2441 2442 if (!test_bit(HCI_MGMT, &hdev->flags)) 2443 goto unlock; 2444 2445 if (test_bit(HCI_PAIRABLE, &hdev->flags) || 2446 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) { 2447 struct hci_cp_io_capability_reply cp; 2448 2449 bacpy(&cp.bdaddr, &ev->bdaddr); 2450 cp.capability = conn->io_capability; 2451 cp.authentication = hci_get_auth_req(conn); 2452 2453 if ((conn->out == 0x01 || conn->remote_oob == 0x01) && 2454 hci_find_remote_oob_data(hdev, &conn->dst)) 2455 cp.oob_data = 0x01; 2456 else 2457 cp.oob_data = 0x00; 2458 2459 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY, 2460 sizeof(cp), &cp); 2461 } else { 2462 struct hci_cp_io_capability_neg_reply cp; 2463 2464 bacpy(&cp.bdaddr, &ev->bdaddr); 2465 cp.reason = 0x18; /* Pairing not allowed */ 2466 2467 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY, 2468 sizeof(cp), &cp); 2469 } 2470 2471unlock: 2472 hci_dev_unlock(hdev); 2473} 2474 2475static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb) 2476{ 2477 struct hci_ev_io_capa_reply *ev = (void *) skb->data; 2478 struct hci_conn *conn; 2479 2480 BT_DBG("%s", hdev->name); 2481 2482 hci_dev_lock(hdev); 2483 2484 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2485 if (!conn) 2486 goto unlock; 2487 2488 conn->remote_cap = ev->capability; 2489 conn->remote_oob = ev->oob_data; 2490 conn->remote_auth = ev->authentication; 2491 2492unlock: 2493 hci_dev_unlock(hdev); 2494} 2495 2496static inline void hci_user_confirm_request_evt(struct hci_dev *hdev, 2497 struct sk_buff *skb) 2498{ 2499 struct hci_ev_user_confirm_req *ev = (void *) skb->data; 2500 int loc_mitm, rem_mitm, confirm_hint = 0; 2501 struct hci_conn *conn; 2502 2503 BT_DBG("%s", hdev->name); 2504 2505 hci_dev_lock(hdev); 2506 2507 if (!test_bit(HCI_MGMT, &hdev->flags)) 2508 goto unlock; 2509 2510 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2511 if (!conn) 2512 goto unlock; 2513 2514 loc_mitm = (conn->auth_type & 0x01); 2515 rem_mitm = (conn->remote_auth & 0x01); 2516 2517 /* If we require MITM but the remote device can't provide that 2518 * (it has NoInputNoOutput) then reject the confirmation 2519 * request. The only exception is when we're dedicated bonding 2520 * initiators (connect_cfm_cb set) since then we always have the MITM 2521 * bit set. */ 2522 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) { 2523 BT_DBG("Rejecting request: remote device can't provide MITM"); 2524 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY, 2525 sizeof(ev->bdaddr), &ev->bdaddr); 2526 goto unlock; 2527 } 2528 2529 /* If no side requires MITM protection; auto-accept */ 2530 if ((!loc_mitm || conn->remote_cap == 0x03) && 2531 (!rem_mitm || conn->io_capability == 0x03)) { 2532 2533 /* If we're not the initiators request authorization to 2534 * proceed from user space (mgmt_user_confirm with 2535 * confirm_hint set to 1). */ 2536 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 2537 BT_DBG("Confirming auto-accept as acceptor"); 2538 confirm_hint = 1; 2539 goto confirm; 2540 } 2541 2542 BT_DBG("Auto-accept of user confirmation with %ums delay", 2543 hdev->auto_accept_delay); 2544 2545 if (hdev->auto_accept_delay > 0) { 2546 int delay = msecs_to_jiffies(hdev->auto_accept_delay); 2547 mod_timer(&conn->auto_accept_timer, jiffies + delay); 2548 goto unlock; 2549 } 2550 2551 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY, 2552 sizeof(ev->bdaddr), &ev->bdaddr); 2553 goto unlock; 2554 } 2555 2556confirm: 2557 mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey, 2558 confirm_hint); 2559 2560unlock: 2561 hci_dev_unlock(hdev); 2562} 2563 2564static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 2565{ 2566 struct hci_ev_simple_pair_complete *ev = (void *) skb->data; 2567 struct hci_conn *conn; 2568 2569 BT_DBG("%s", hdev->name); 2570 2571 hci_dev_lock(hdev); 2572 2573 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2574 if (!conn) 2575 goto unlock; 2576 2577 /* To avoid duplicate auth_failed events to user space we check 2578 * the HCI_CONN_AUTH_PEND flag which will be set if we 2579 * initiated the authentication. A traditional auth_complete 2580 * event gets always produced as initiator and is also mapped to 2581 * the mgmt_auth_failed event */ 2582 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0) 2583 mgmt_auth_failed(hdev->id, &conn->dst, ev->status); 2584 2585 hci_conn_put(conn); 2586 2587unlock: 2588 hci_dev_unlock(hdev); 2589} 2590 2591static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb) 2592{ 2593 struct hci_ev_remote_host_features *ev = (void *) skb->data; 2594 struct inquiry_entry *ie; 2595 2596 BT_DBG("%s", hdev->name); 2597 2598 hci_dev_lock(hdev); 2599 2600 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); 2601 if (ie) 2602 ie->data.ssp_mode = (ev->features[0] & 0x01); 2603 2604 hci_dev_unlock(hdev); 2605} 2606 2607static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev, 2608 struct sk_buff *skb) 2609{ 2610 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data; 2611 struct oob_data *data; 2612 2613 BT_DBG("%s", hdev->name); 2614 2615 hci_dev_lock(hdev); 2616 2617 if (!test_bit(HCI_MGMT, &hdev->flags)) 2618 goto unlock; 2619 2620 data = hci_find_remote_oob_data(hdev, &ev->bdaddr); 2621 if (data) { 2622 struct hci_cp_remote_oob_data_reply cp; 2623 2624 bacpy(&cp.bdaddr, &ev->bdaddr); 2625 memcpy(cp.hash, data->hash, sizeof(cp.hash)); 2626 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer)); 2627 2628 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp), 2629 &cp); 2630 } else { 2631 struct hci_cp_remote_oob_data_neg_reply cp; 2632 2633 bacpy(&cp.bdaddr, &ev->bdaddr); 2634 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp), 2635 &cp); 2636 } 2637 2638unlock: 2639 hci_dev_unlock(hdev); 2640} 2641 2642static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 2643{ 2644 struct hci_ev_le_conn_complete *ev = (void *) skb->data; 2645 struct hci_conn *conn; 2646 2647 BT_DBG("%s status %d", hdev->name, ev->status); 2648 2649 hci_dev_lock(hdev); 2650 2651 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr); 2652 if (!conn) { 2653 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr); 2654 if (!conn) { 2655 BT_ERR("No memory for new connection"); 2656 hci_dev_unlock(hdev); 2657 return; 2658 } 2659 } 2660 2661 if (ev->status) { 2662 hci_proto_connect_cfm(conn, ev->status); 2663 conn->state = BT_CLOSED; 2664 hci_conn_del(conn); 2665 goto unlock; 2666 } 2667 2668 conn->handle = __le16_to_cpu(ev->handle); 2669 conn->state = BT_CONNECTED; 2670 2671 hci_conn_hold_device(conn); 2672 hci_conn_add_sysfs(conn); 2673 2674 hci_proto_connect_cfm(conn, ev->status); 2675 2676unlock: 2677 hci_dev_unlock(hdev); 2678} 2679 2680static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb) 2681{ 2682 struct hci_ev_le_meta *le_ev = (void *) skb->data; 2683 2684 skb_pull(skb, sizeof(*le_ev)); 2685 2686 switch (le_ev->subevent) { 2687 case HCI_EV_LE_CONN_COMPLETE: 2688 hci_le_conn_complete_evt(hdev, skb); 2689 break; 2690 2691 default: 2692 break; 2693 } 2694} 2695 2696void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) 2697{ 2698 struct hci_event_hdr *hdr = (void *) skb->data; 2699 __u8 event = hdr->evt; 2700 2701 skb_pull(skb, HCI_EVENT_HDR_SIZE); 2702 2703 switch (event) { 2704 case HCI_EV_INQUIRY_COMPLETE: 2705 hci_inquiry_complete_evt(hdev, skb); 2706 break; 2707 2708 case HCI_EV_INQUIRY_RESULT: 2709 hci_inquiry_result_evt(hdev, skb); 2710 break; 2711 2712 case HCI_EV_CONN_COMPLETE: 2713 hci_conn_complete_evt(hdev, skb); 2714 break; 2715 2716 case HCI_EV_CONN_REQUEST: 2717 hci_conn_request_evt(hdev, skb); 2718 break; 2719 2720 case HCI_EV_DISCONN_COMPLETE: 2721 hci_disconn_complete_evt(hdev, skb); 2722 break; 2723 2724 case HCI_EV_AUTH_COMPLETE: 2725 hci_auth_complete_evt(hdev, skb); 2726 break; 2727 2728 case HCI_EV_REMOTE_NAME: 2729 hci_remote_name_evt(hdev, skb); 2730 break; 2731 2732 case HCI_EV_ENCRYPT_CHANGE: 2733 hci_encrypt_change_evt(hdev, skb); 2734 break; 2735 2736 case HCI_EV_CHANGE_LINK_KEY_COMPLETE: 2737 hci_change_link_key_complete_evt(hdev, skb); 2738 break; 2739 2740 case HCI_EV_REMOTE_FEATURES: 2741 hci_remote_features_evt(hdev, skb); 2742 break; 2743 2744 case HCI_EV_REMOTE_VERSION: 2745 hci_remote_version_evt(hdev, skb); 2746 break; 2747 2748 case HCI_EV_QOS_SETUP_COMPLETE: 2749 hci_qos_setup_complete_evt(hdev, skb); 2750 break; 2751 2752 case HCI_EV_CMD_COMPLETE: 2753 hci_cmd_complete_evt(hdev, skb); 2754 break; 2755 2756 case HCI_EV_CMD_STATUS: 2757 hci_cmd_status_evt(hdev, skb); 2758 break; 2759 2760 case HCI_EV_ROLE_CHANGE: 2761 hci_role_change_evt(hdev, skb); 2762 break; 2763 2764 case HCI_EV_NUM_COMP_PKTS: 2765 hci_num_comp_pkts_evt(hdev, skb); 2766 break; 2767 2768 case HCI_EV_MODE_CHANGE: 2769 hci_mode_change_evt(hdev, skb); 2770 break; 2771 2772 case HCI_EV_PIN_CODE_REQ: 2773 hci_pin_code_request_evt(hdev, skb); 2774 break; 2775 2776 case HCI_EV_LINK_KEY_REQ: 2777 hci_link_key_request_evt(hdev, skb); 2778 break; 2779 2780 case HCI_EV_LINK_KEY_NOTIFY: 2781 hci_link_key_notify_evt(hdev, skb); 2782 break; 2783 2784 case HCI_EV_CLOCK_OFFSET: 2785 hci_clock_offset_evt(hdev, skb); 2786 break; 2787 2788 case HCI_EV_PKT_TYPE_CHANGE: 2789 hci_pkt_type_change_evt(hdev, skb); 2790 break; 2791 2792 case HCI_EV_PSCAN_REP_MODE: 2793 hci_pscan_rep_mode_evt(hdev, skb); 2794 break; 2795 2796 case HCI_EV_INQUIRY_RESULT_WITH_RSSI: 2797 hci_inquiry_result_with_rssi_evt(hdev, skb); 2798 break; 2799 2800 case HCI_EV_REMOTE_EXT_FEATURES: 2801 hci_remote_ext_features_evt(hdev, skb); 2802 break; 2803 2804 case HCI_EV_SYNC_CONN_COMPLETE: 2805 hci_sync_conn_complete_evt(hdev, skb); 2806 break; 2807 2808 case HCI_EV_SYNC_CONN_CHANGED: 2809 hci_sync_conn_changed_evt(hdev, skb); 2810 break; 2811 2812 case HCI_EV_SNIFF_SUBRATE: 2813 hci_sniff_subrate_evt(hdev, skb); 2814 break; 2815 2816 case HCI_EV_EXTENDED_INQUIRY_RESULT: 2817 hci_extended_inquiry_result_evt(hdev, skb); 2818 break; 2819 2820 case HCI_EV_IO_CAPA_REQUEST: 2821 hci_io_capa_request_evt(hdev, skb); 2822 break; 2823 2824 case HCI_EV_IO_CAPA_REPLY: 2825 hci_io_capa_reply_evt(hdev, skb); 2826 break; 2827 2828 case HCI_EV_USER_CONFIRM_REQUEST: 2829 hci_user_confirm_request_evt(hdev, skb); 2830 break; 2831 2832 case HCI_EV_SIMPLE_PAIR_COMPLETE: 2833 hci_simple_pair_complete_evt(hdev, skb); 2834 break; 2835 2836 case HCI_EV_REMOTE_HOST_FEATURES: 2837 hci_remote_host_features_evt(hdev, skb); 2838 break; 2839 2840 case HCI_EV_LE_META: 2841 hci_le_meta_evt(hdev, skb); 2842 break; 2843 2844 case HCI_EV_REMOTE_OOB_DATA_REQUEST: 2845 hci_remote_oob_data_request_evt(hdev, skb); 2846 break; 2847 2848 default: 2849 BT_DBG("%s event 0x%x", hdev->name, event); 2850 break; 2851 } 2852 2853 kfree_skb(skb); 2854 hdev->stat.evt_rx++; 2855} 2856 2857/* Generate internal stack event */ 2858void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data) 2859{ 2860 struct hci_event_hdr *hdr; 2861 struct hci_ev_stack_internal *ev; 2862 struct sk_buff *skb; 2863 2864 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC); 2865 if (!skb) 2866 return; 2867 2868 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE); 2869 hdr->evt = HCI_EV_STACK_INTERNAL; 2870 hdr->plen = sizeof(*ev) + dlen; 2871 2872 ev = (void *) skb_put(skb, sizeof(*ev) + dlen); 2873 ev->type = type; 2874 memcpy(ev->data, data, dlen); 2875 2876 bt_cb(skb)->incoming = 1; 2877 __net_timestamp(skb); 2878 2879 bt_cb(skb)->pkt_type = HCI_EVENT_PKT; 2880 skb->dev = (void *) hdev; 2881 hci_send_to_sock(hdev, skb, NULL); 2882 kfree_skb(skb); 2883} 2884